package com.fezs.security.config;

import cn.hutool.core.util.StrUtil;
import com.fezs.security.config.properties.WebSecurityProperties;
import com.fezs.security.filter.TokenAuthenticationFilter;
import com.fezs.security.handle.AccessDeniedHandlerImpl;
import com.fezs.security.handle.AuthenticationEntryPointImpl;
import com.fezs.security.service.SecurityPermissionService;
import com.fezs.security.service.SecurityPermissionServiceImpl;
import com.fezs.web.mvc.handle.GlobalExceptionHandler;
import com.fezs.web.mvc.utils.JwtUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;

import javax.annotation.Resource;

/**
 * @author zhukai
 * @since 2022/8/17
 */
@Configuration(proxyBeanMethods = false)
@EnableConfigurationProperties(WebSecurityProperties.class)
public class SecurityConfig {

    @Resource
    private WebSecurityProperties webSecurityProperties;
    @Resource
    private GlobalExceptionHandler globalExceptionHandler;

    /**
     * 认证失败处理类 Bean
     */
    @Bean
    public AuthenticationEntryPoint authenticationEntryPoint() {
        return new AuthenticationEntryPointImpl();
    }

    /**
     * 权限不够处理器 Bean
     */
    @Bean
    public AccessDeniedHandler accessDeniedHandler() {
        return new AccessDeniedHandlerImpl();
    }

    /**
     * Spring Security 加密器
     * 考虑到安全性，这里采用 BCryptPasswordEncoder 加密器
     *
     * @see <a href="http://stackabuse.com/password-encoding-with-spring-security/">Password Encoding with Spring Security</a>
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Token 认证过滤器 Bean
     */
    @Bean
    public TokenAuthenticationFilter authenticationTokenFilter() {
        return new TokenAuthenticationFilter(webSecurityProperties, globalExceptionHandler);
    }

    /**
     * Jwt 工具类
     */
    @Autowired
    public void setJwtUtilSecret() {
        if (webSecurityProperties != null && StrUtil.isNotEmpty(webSecurityProperties.getSecretKey())) {
            JwtUtils.setJwtSecret(webSecurityProperties.getSecretKey());
        }
    }

    /**
     * 使用 Spring Security 的缩写，方便使用
     *
     * <pre>
     * {@code @PreAuthorize("@ss.hasPermission('sys.dict.create')") }
     * {@code @PreAuthorize("@ss.hasRole('manager')") }
     * </pre>
     */
    @Bean("ss")
    @ConditionalOnMissingBean(SecurityPermissionService.class)
    public SecurityPermissionService securityFrameworkService() {
        return new SecurityPermissionServiceImpl();
    }

}
